Wireshark · Wireshark-users: Re: [Wireshark-users] wireshark/tshark not seeing ftp transfers

Wireshark-users: Re: [Wireshark-users] wireshark/tshark not seeing ftp transfers

From: Christopher Maynard <christopher.maynard@xxxxxxxxx>

Date: Wed, 11 Apr 2012 21:15:54 +0000 (UTC)

bill withers2 <witherbill2@...> writes:

> I am running wireshark 1.4.0 on a win7 desktop x64.  I am finding that when I
try to see any unsecured ftp processes they do not show up at all.  tcp, arp,
udp, etc all show up but ftp are simply awol.  I tried adding filters by setting
to ports 21 and 20, and to the particular hosts but nothing shows up.Any
suggestions?

No epiphany here, but just a few basic things you might want to check:
1) Are you sure it's unsecure, or could it be sftp?
2) Are you capturing on the right interface?
3) Do you see the ftp traffic if you capture all packets without any filters in
place?
4) Is the FTP dissector enabled? (Analyze -> Enabled protocols)

- Chris

Follow-Ups:
- Re: [Wireshark-users] wireshark/tshark not seeing ftp transfers
  - From: Martin Visser

References:
- [Wireshark-users] wireshark/tshark not seeing ftp transfers
  - From: bill withers2

Prev by Date: [Wireshark-users] filter garp packets
Next by Date: Re: [Wireshark-users] wireshark/tshark not seeing ftp transfers
Previous by thread: [Wireshark-users] wireshark/tshark not seeing ftp transfers
Next by thread: Re: [Wireshark-users] wireshark/tshark not seeing ftp transfers
Index(es):
- Date
- Thread